/* Copyright  (c) 2002 Graz University of Technology. All rights reserved.
 *
 * Redistribution and use in  source and binary forms, with or without 
 * modification, are permitted  provided that the following conditions are met:
 *
 * 1. Redistributions of  source code must retain the above copyright notice,
 *    this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in  binary form must reproduce the above copyright notice,
 *    this list of conditions and the following disclaimer in the documentation
 *    and/or other materials provided with the distribution.
 *  
 * 3. The end-user documentation included with the redistribution, if any, must
 *    include the following acknowledgment:
 * 
 *    "This product includes software developed by IAIK of Graz University of
 *     Technology."
 * 
 *    Alternately, this acknowledgment may appear in the software itself, if 
 *    and wherever such third-party acknowledgments normally appear.
 *  
 * 4. The names "Graz University of Technology" and "IAIK of Graz University of
 *    Technology" must not be used to endorse or promote products derived from 
 *    this software without prior written permission.
 *  
 * 5. Products derived from this software may not be called 
 *    "IAIK PKCS Wrapper", nor may "IAIK" appear in their name, without prior 
 *    written permission of Graz University of Technology.
 *  
 *  THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
 *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 *  WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 *  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE LICENSOR BE
 *  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
 *  OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 *  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 *  OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
 *  ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 *  OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 *  OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 *  POSSIBILITY  OF SUCH DAMAGE.
 */

package iaik.pkcs.pkcs11.objects;

import iaik.pkcs.pkcs11.Session;
import iaik.pkcs.pkcs11.TokenException;
import iaik.pkcs.pkcs11.wrapper.Constants;
import iaik.pkcs.pkcs11.wrapper.PKCS11Constants;
import iaik.pkcs.pkcs11.wrapper.PKCS11Exception;



/**
 * This is the base class for private (asymmetric) keys. Objects of this class
 * represent private keys as specified by PKCS#11 v2.11.
 *
 * @author Karl Scheibelhofer
 * @version 1.0
 * @invariants (subject_ <> null)
 *             and (sensitive_ <> null)
 *             and (secondaryAuth_ <> null)
 *             and (authPinFlags_ <> null)
 *             and (decrypt_ <> null)
 *             and (sign_ <> null)
 *             and (signRecover_ <> null)
 *             and (unwrap_ <> null)
 *             and (extractable_ <> null)
 *             and (alwaysSensitive_ <> null)
 *             and (neverExtractable_ <> null)
 */
public class PrivateKey extends Key {

  /**
   * The subject of this private key.
   */
  protected ByteArrayAttribute subject_;

  /**
   * True, if this private key is sensitive.
   */
  protected BooleanAttribute sensitive_;

  /**
   * True, if this private key supports secondary authentication.
   */
  protected BooleanAttribute secondaryAuth_;

  /**
   * The authentication flags for secondary authentication. Only defined, if
   * the secondaryAuth_ is set.
   */
  protected LongAttribute authPinFlags_;

  /**
   * True, if this private key can be used for encryption.
   */
  protected BooleanAttribute decrypt_;

  /**
   * True, if this private key can be used for signing.
   */
  protected BooleanAttribute sign_;

  /**
   * True, if this private key can be used for signing with recover.
   */
  protected BooleanAttribute signRecover_;

  /**
   * True, if this private key can be used for unwrapping wrapped keys.
   */
  protected BooleanAttribute unwrap_;

  /**
   * True, if this private key can not be extracted from the token.
   */
  protected BooleanAttribute extractable_;

  /**
   * True, if this private key was always sensitive.
   */
  protected BooleanAttribute alwaysSensitive_;

  /**
   * True, if this private key was never extractable.
   */
  protected BooleanAttribute neverExtractable_;
  
  /**
   * True, if this private key can only be wrapped with a wrapping key
   * having set the attribute trusted to true.
   */
  protected BooleanAttribute wrapWithTrusted_;

  /**
   * Template of the key, that can be unwrapped.
   */
  protected AttributeArray unwrapTemplate_;
  
  /**
   * True, if the user has to supply the PIN for each use
   * (sign or decrypt) with the key.
   */
  protected BooleanAttribute alwaysAuthenticate_;
  
  /**
   * Default Constructor.
   *
   * @preconditions
   * @postconditions
   */
  public PrivateKey() {
    super();
    objectClass_.setLongValue(ObjectClass.PRIVATE_KEY);
  }

  /**
   * Called by sub-classes to create an instance of a PKCS#11 private key.
   *
   * @param session The session to use for reading attributes.
   *                This session must have the appropriate rights; i.e.
   *                it must be a user-session, if it is a private object.
   * @param objectHandle The object handle as given from the PKCS#111 module.
   * @exception TokenException If getting the attributes failed.
   * @preconditions (session <> null)
   * @postconditions
   */
  protected PrivateKey(Session session, long objectHandle)
      throws TokenException
  {
    super(session, objectHandle);
    objectClass_.setLongValue(ObjectClass.PRIVATE_KEY);
  }

  /**
   * The getInstance method of the Object class uses this method to create
   * an instance of a PKCS#11 private key. This method reads the key
   * type attribute and calls the getInstance method of the according sub-class.
   * If the key type is a vendor defined it uses the
   * VendorDefinedKeyBuilder set by the application. If no private key
   * could be constructed, this method returns null.
   *
   * @param session The session to use for reading attributes.
   *                This session must have the appropriate rights; i.e.
   *                it must be a user-session, if it is a private object.
   * @param objectHandle The object handle as given from the PKCS#111 module.
   * @return The object representing the PKCS#11 object.
   *         The returned object can be casted to the
   *         according sub-class.
   * @exception TokenException If getting the attributes failed.
   * @preconditions (session <> null)
   * @postconditions (result <> null) 
   */
  public static Object getInstance(Session session, long objectHandle)
      throws TokenException
  {
    if (session == null) {
      throw new NullPointerException("Argument \"session\" must not be null.");
    }
    
    KeyTypeAttribute keyTypeAttribute = new KeyTypeAttribute();
    getAttributeValue(session, objectHandle, keyTypeAttribute);
        
    Long keyType = keyTypeAttribute.getLongValue();

    Object newObject;

    if (keyTypeAttribute.isPresent() && (keyType != null)) {
      if (keyType.equals(Key.KeyType.RSA)) {
        newObject = RSAPrivateKey.getInstance(session, objectHandle);
      } else if (keyType.equals(Key.KeyType.DSA)) {
        newObject = DSAPrivateKey.getInstance(session, objectHandle);
      } else if (keyType.equals(Key.KeyType.ECDSA)) {
        newObject = ECDSAPrivateKey.getInstance(session, objectHandle);
      } else if (keyType.equals(Key.KeyType.DH)) {
        newObject = DHPrivateKey.getInstance(session, objectHandle);
      } else if (keyType.equals(Key.KeyType.KEA)) {
        newObject = KEAPrivateKey.getInstance(session, objectHandle);
      } else if ((keyType.longValue() & KeyType.VENDOR_DEFINED.longValue()) != 0L) {
        newObject = getUnknownPrivateKey(session, objectHandle);
      } else {
        newObject = getUnknownPrivateKey(session, objectHandle);
      }
    } else {
      newObject = getUnknownPrivateKey(session, objectHandle);
    }

    return newObject ;
  }

  /**
   * Try to create a key which has no or an unkown private key type 
   * type attribute.
   * This implementation will try to use a vendor defined key
   * builder, if such has been set. 
   * If this is impossible or fails, it will create just
   * a simple {@link iaik.pkcs.pkcs11.objects.PrivateKey PrivateKey }.
   * 
   * @param session The session to use.
   * @param objectHandle The handle of the object
   * @return A new Object.
   * @throws TokenException If no object could be created.
   * @preconditions (session <> null)
   * @postconditions (result <> null)
   */
  protected static Object getUnknownPrivateKey(Session session, long objectHandle) 
      throws TokenException
  {
    if (session == null) {
      throw new NullPointerException("Argument \"session\" must not be null.");
    }
    
    Object newObject;    
    if (Key.vendorKeyBuilder_ != null) {
      try {
        newObject = Key.vendorKeyBuilder_.build(session, objectHandle);
      } catch (PKCS11Exception ex) {
        // we can just treat it like some unknown type of private key
        newObject = new PrivateKey(session, objectHandle);
      }
    } else {
      // we can just treat it like some unknown type of private key
      newObject = new PrivateKey(session, objectHandle);
    }
    
    return newObject ;
  }
  
  /**
   * Put all attributes of the given object into the attributes table of this
   * object. This method is only static to be able to access invoke the
   * implementation of this method for each class separately (see use in
   * clone()).
   *
   * @param object The object to handle.
   * @preconditions (object <> null)
   * @postconditions
   */
  protected static void putAttributesInTable(PrivateKey object) {
    if (object == null) {
      throw new NullPointerException("Argument \"object\" must not be null.");
    }

    object.attributeTable_.put(Attribute.SUBJECT, object.subject_);
    object.attributeTable_.put(Attribute.SENSITIVE, object.sensitive_);
    object.attributeTable_.put(Attribute.SECONDARY_AUTH, object.secondaryAuth_);
    object.attributeTable_.put(Attribute.AUTH_PIN_FLAGS, object.authPinFlags_);
    object.attributeTable_.put(Attribute.DECRYPT, object.decrypt_);
    object.attributeTable_.put(Attribute.SIGN, object.sign_);
    object.attributeTable_.put(Attribute.SIGN_RECOVER, object.signRecover_);
    object.attributeTable_.put(Attribute.UNWRAP, object.unwrap_);
    object.attributeTable_.put(Attribute.EXTRACTABLE, object.extractable_);
    object.attributeTable_.put(Attribute.ALWAYS_SENSITIVE, object.alwaysSensitive_);
    object.attributeTable_.put(Attribute.NEVER_EXTRACTABLE, object.neverExtractable_);
    object.attributeTable_.put(Attribute.WRAP_WITH_TRUSTED, object.wrapWithTrusted_);
    object.attributeTable_.put(Attribute.UNWRAP_TEMPLATE, object.unwrapTemplate_);
    object.attributeTable_.put(Attribute.ALWAYS_AUTHENTICATE, object.alwaysAuthenticate_);
  }

  /**
   * Allocates the attribute objects for this class and adds them to the
   * attribute table.
   *
   * @preconditions
   * @postconditions
   */
  protected void allocateAttributes() {
    super.allocateAttributes();

    subject_ = new ByteArrayAttribute(Attribute.SUBJECT);
    sensitive_ = new BooleanAttribute(Attribute.SENSITIVE);
    secondaryAuth_ = new BooleanAttribute(Attribute.SECONDARY_AUTH);
    authPinFlags_ = new LongAttribute(Attribute.AUTH_PIN_FLAGS);
    decrypt_ = new BooleanAttribute(Attribute.DECRYPT);
    sign_ = new BooleanAttribute(Attribute.SIGN);
    signRecover_ = new BooleanAttribute(Attribute.SIGN_RECOVER);
    unwrap_ = new BooleanAttribute(Attribute.UNWRAP);
    extractable_ = new BooleanAttribute(Attribute.EXTRACTABLE);
    alwaysSensitive_ = new BooleanAttribute(Attribute.ALWAYS_SENSITIVE);
    neverExtractable_ = new BooleanAttribute(Attribute.NEVER_EXTRACTABLE);
    wrapWithTrusted_ = new BooleanAttribute(Attribute.WRAP_WITH_TRUSTED);
    unwrapTemplate_ = new AttributeArray(Attribute.UNWRAP_TEMPLATE);
    alwaysAuthenticate_ = new BooleanAttribute(Attribute.ALWAYS_AUTHENTICATE);

    putAttributesInTable(this);
  }

  /**
   * Create a (deep) clone of this object.
   *
   * @return A clone of this object.
   * @preconditions
   * @postconditions (result <> null)
   *                 and (result instanceof PrivateKey)
   *                 and (result.equals(this))
   */
  public java.lang.Object clone() {
    PrivateKey clone = (PrivateKey) super.clone();

    clone.subject_ = (ByteArrayAttribute) this.subject_.clone();
    clone.sensitive_ = (BooleanAttribute) this.sensitive_.clone();
    clone.secondaryAuth_ = (BooleanAttribute) this.secondaryAuth_.clone();
    clone.authPinFlags_ = (LongAttribute) this.authPinFlags_.clone();
    clone.decrypt_ = (BooleanAttribute) this.decrypt_.clone();
    clone.sign_ = (BooleanAttribute) this.sign_.clone();
    clone.signRecover_ = (BooleanAttribute) this.signRecover_.clone();
    clone.unwrap_ = (BooleanAttribute) this.unwrap_.clone();
    clone.extractable_ = (BooleanAttribute) this.extractable_.clone();
    clone.alwaysSensitive_ = (BooleanAttribute) this.alwaysSensitive_.clone();
    clone.neverExtractable_ = (BooleanAttribute) this.neverExtractable_.clone();
    clone.wrapWithTrusted_ = (BooleanAttribute) this.wrapWithTrusted_.clone();
    clone.unwrapTemplate_ = (AttributeArray) this.unwrapTemplate_.clone();
    clone.alwaysAuthenticate_ = (BooleanAttribute) this.alwaysAuthenticate_.clone();

    putAttributesInTable(clone); // put all cloned attributes into the new table

    return clone ;
  }

  /**
   * Compares all member variables of this object with the other object.
   * Returns only true, if all are equal in both objects.
   *
   * @param otherObject The other object to compare to.
   * @return True, if other is an instance of this class and all member
   *         variables of both objects are equal. False, otherwise.
   * @preconditions
   * @postconditions
   */
  public boolean equals(java.lang.Object otherObject) {
    boolean equal = false;

    if (otherObject instanceof PrivateKey) {
      PrivateKey other = (PrivateKey) otherObject;
      equal = (this == other)
              || (super.equals(other)
                  && this.subject_.equals(other.subject_)
                  && this.sensitive_.equals(other.sensitive_)
                  && this.secondaryAuth_.equals(other.secondaryAuth_)
                  && this.authPinFlags_.equals(other.authPinFlags_)
                  && this.decrypt_.equals(other.decrypt_)
                  && this.sign_.equals(other.sign_)
                  && this.signRecover_.equals(other.signRecover_)
                  && this.unwrap_.equals(other.unwrap_)
                  && this.extractable_.equals(other.extractable_)
                  && this.alwaysSensitive_.equals(other.alwaysSensitive_)
                  && this.neverExtractable_.equals(other.neverExtractable_)
                  && this.wrapWithTrusted_.equals(other.wrapWithTrusted_)
                  && this.unwrapTemplate_.equals(other.unwrapTemplate_)
                  && this.alwaysAuthenticate_.equals(other.alwaysAuthenticate_));
    }

    return equal ;
  }

  /**
   * Gets the subject attribute of this key.
   *
   * @return The subject attribute.
   * @preconditions
   * @postconditions (result <> null)
   */
  public ByteArrayAttribute getSubject() {
    return subject_ ;
  }

  /**
   * Gets the sensitive attribute of this key.
   *
   * @return The sensitive attribute.
   * @preconditions
   * @postconditions (result <> null)
   */
  public BooleanAttribute getSensitive() {
    return sensitive_ ;
  }

  /**
   * Gets the secondary authentication attribute of this key.
   *
   * @return The secondary authentication attribute.
   * @preconditions
   * @postconditions (result <> null)
   */
  public BooleanAttribute getSecondaryAuth() {
    return secondaryAuth_ ;
  }

  /**
   * Gets the authentication flags for secondary authentication of this key.
   *
   * @return The authentication flags for secondary authentication attribute.
   * @preconditions
   * @postconditions (result <> null)
   */
  public LongAttribute getAuthPinFlags() {
    return authPinFlags_ ;
  }

  /**
   * Gets the decrypt attribute of this key.
   *
   * @return The decrypt attribute.
   * @preconditions
   * @postconditions (result <> null)
   */
  public BooleanAttribute getDecrypt() {
    return decrypt_;
  }

  /**
   * Gets the sign attribute of this key.
   *
   * @return The sign attribute.
   * @preconditions
   * @postconditions (result <> null)
   */
  public BooleanAttribute getSign() {
    return sign_;
  }

  /**
   * Gets the sign recover attribute of this key.
   *
   * @return The sign recover attribute.
   * @preconditions
   * @postconditions (result <> null)
   */
  public BooleanAttribute getSignRecover() {
    return signRecover_;
  }

  /**
   * Gets the unwrap attribute of this key.
   *
   * @return The unwrap attribute.
   * @preconditions
   * @postconditions (result <> null)
   */
  public BooleanAttribute getUnwrap() {
    return unwrap_;
  }

  /**
   * Gets the extractable attribute of this key.
   *
   * @return The extractable attribute.
   * @preconditions
   * @postconditions (result <> null)
   */
  public BooleanAttribute getExtractable() {
    return extractable_;
  }

  /**
   * Gets the always sensitive attribute of this key.
   *
   * @return The always sensitive attribute.
   * @preconditions
   * @postconditions (result <> null)
   */
  public BooleanAttribute getAlwaysSensitive() {
    return alwaysSensitive_;
  }

  /**
   * Gets the never extractable attribute of this key.
   *
   * @return The never extractable attribute.
   * @preconditions
   * @postconditions (result <> null)
   */
  public BooleanAttribute getNeverExtractable() {
    return neverExtractable_;
  }
  
  /**
   * Gets the wrap with trusted attribute of this key.
   *
   * @return The wrap with trusted attribute.
   * @preconditions
   * @postconditions (result <> null)
   */
  public BooleanAttribute getWrapWithTrusted() {
    return wrapWithTrusted_;
  }
  
  /**
   * Gets the unwrap template attribute of this key. This 
   * attribute can only be used with PKCS#11 modules supporting
   * cryptoki version 2.20 or higher.
   *
   * @return The unwrap template attribute.
   * @preconditions
   * @postconditions (result <> null)
   */
  public AttributeArray getUnwrapTemplate() {
    return unwrapTemplate_ ;
  }
  
  /**
   * Gets the always authenticate attribute of this key.
   *
   * @return The always authenticate attribute.
   * @preconditions
   * @postconditions (result <> null)
   */
  public BooleanAttribute getAlwaysAuthenticate() {
    return alwaysAuthenticate_;
  }
  
  /**
   * Read the values of the attributes of this object from the token.
   *
   * @param session The session handle to use for reading attributes.
   *                This session must have the appropriate rights; i.e.
   *                it must be a user-session, if it is a private object.
   * @exception TokenException If getting the attributes failed.
   * @preconditions (session <> null)
   * @postconditions
   */
  public void readAttributes(Session session)
      throws TokenException
  {
    super.readAttributes(session);

//    Object.getAttributeValue(session, objectHandle_, subject_);
//    Object.getAttributeValue(session, objectHandle_, sensitive_);
//    Object.getAttributeValue(session, objectHandle_, secondaryAuth_);
//    Object.getAttributeValue(session, objectHandle_, authPinFlags_);
//    Object.getAttributeValue(session, objectHandle_, decrypt_);
//    Object.getAttributeValue(session, objectHandle_, sign_);
//    Object.getAttributeValue(session, objectHandle_, signRecover_);
//    Object.getAttributeValue(session, objectHandle_, unwrap_);
//    Object.getAttributeValue(session, objectHandle_, extractable_);
//    Object.getAttributeValue(session, objectHandle_, alwaysSensitive_);
//    Object.getAttributeValue(session, objectHandle_, neverExtractable_);
    Object.getAttributeValues(session, objectHandle_, new Attribute[] {
    		subject_, sensitive_, secondaryAuth_, authPinFlags_, decrypt_, sign_, signRecover_, unwrap_,
        extractable_, alwaysSensitive_, neverExtractable_, wrapWithTrusted_, alwaysAuthenticate_});
    Object.getAttributeValue(session, objectHandle_, unwrapTemplate_);
  }
  
  /**
   * This method returns a string representation of the current object. The
   * output is only for debugging purposes and should not be used for other
   * purposes.
   *
   * @return A string presentation of this object for debugging output.
   * @preconditions
   * @postconditions (result <> null)
   */
  public String toString() {
    StringBuffer buffer = new StringBuffer(1024);

    buffer.append(super.toString());

    buffer.append(Constants.NEWLINE);
    buffer.append(Constants.INDENT);
    buffer.append("Subject (DER, hex): ");
    buffer.append(subject_.toString());

    buffer.append(Constants.NEWLINE);
    buffer.append(Constants.INDENT);
    buffer.append("Sensitive: ");
    buffer.append(sensitive_.toString());

    buffer.append(Constants.NEWLINE);
    buffer.append(Constants.INDENT);
    buffer.append("Secondary Authentication: ");
    buffer.append(secondaryAuth_.toString());

    buffer.append(Constants.NEWLINE);
    buffer.append(Constants.INDENT);
    buffer.append("Secondary Authentication PIN Flags: ");
    if (authPinFlags_.isPresent() && !authPinFlags_.isSensitive() && (authPinFlags_.getLongValue() != null)) {
      long authFlagsValue = authPinFlags_.getLongValue().longValue();

      buffer.append(Constants.NEWLINE);
      buffer.append(Constants.INDENT);
      buffer.append(Constants.INDENT);
      buffer.append("User PIN-Count low: ");
      buffer.append((authFlagsValue & PKCS11Constants.CKF_USER_PIN_COUNT_LOW) != 0L);

      buffer.append(Constants.NEWLINE);
      buffer.append(Constants.INDENT);
      buffer.append(Constants.INDENT);
      buffer.append("User PIN final Try: ");
      buffer.append((authFlagsValue & PKCS11Constants.CKF_USER_PIN_FINAL_TRY) != 0L);

      buffer.append(Constants.NEWLINE);
      buffer.append(Constants.INDENT);
      buffer.append(Constants.INDENT);
      buffer.append("User PIN locked: ");
      buffer.append((authFlagsValue & PKCS11Constants.CKF_USER_PIN_LOCKED) != 0L);

      buffer.append(Constants.NEWLINE);
      buffer.append(Constants.INDENT);
      buffer.append(Constants.INDENT);
      buffer.append("User PIN to be changed: ");
      buffer.append((authFlagsValue & PKCS11Constants.CKF_USER_PIN_TO_BE_CHANGED) != 0L);
    } else {
      buffer.append(authPinFlags_.toString());
    }

    buffer.append(Constants.NEWLINE);
    buffer.append(Constants.INDENT);
    buffer.append("Decrypt: ");
    buffer.append(decrypt_.toString());

    buffer.append(Constants.NEWLINE);
    buffer.append(Constants.INDENT);
    buffer.append("Sign: ");
    buffer.append(sign_.toString());

    buffer.append(Constants.NEWLINE);
    buffer.append(Constants.INDENT);
    buffer.append("Sign Recover: ");
    buffer.append(signRecover_.toString());

    buffer.append(Constants.NEWLINE);
    buffer.append(Constants.INDENT);
    buffer.append("Unwrap: ");
    buffer.append(unwrap_.toString());

    buffer.append(Constants.NEWLINE);
    buffer.append(Constants.INDENT);
    buffer.append("Extractable: ");
    buffer.append(extractable_.toString());

    buffer.append(Constants.NEWLINE);
    buffer.append(Constants.INDENT);
    buffer.append("Always Sensitive: ");
    buffer.append(alwaysSensitive_.toString());

    buffer.append(Constants.NEWLINE);
    buffer.append(Constants.INDENT);
    buffer.append("Never Extractable: ");
    buffer.append(neverExtractable_.toString());
    
    buffer.append(Constants.NEWLINE);
    buffer.append(Constants.INDENT);
    buffer.append("Wrap With Trusted: ");
    buffer.append(wrapWithTrusted_.toString());
    
    buffer.append(Constants.NEWLINE);
    buffer.append(Constants.INDENT);
    buffer.append("Unwrap Template: ");
    buffer.append(unwrapTemplate_.toString());
    
    buffer.append(Constants.NEWLINE);
    buffer.append(Constants.INDENT);
    buffer.append("Always Authenticate: ");
    buffer.append(alwaysAuthenticate_.toString());

    return buffer.toString() ;
  }

}
